[PATCH 4.19 04/93] afs: Fix loop index mixup in afs_deliver_vl_get_entry_by_name_u()

From: Greg Kroah-Hartman
Date: Wed Sep 04 2019 - 14:06:37 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.19 05/93] fs: afs: Fix a possible null-pointer dereference in afs_put_read()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 39/93] mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 39/93] mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 05/93] fs: afs: Fix a possible null-pointer dereference in afs_put_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ Upstream commit 4a46fdba449a5cd890271df5a9e23927d519ed00 ]

afs_deliver_vl_get_entry_by_name_u() scans through the vl entry
received from the volume location server and builds a return list
containing the sites that are currently valid. When assigning
values for the return list, the index into the vl entry (i) is used
rather than the one for the new list (entry->nr_server). If all
sites are usable, this works out fine as the indices will match.
If some sites are not valid, for example if AFS_VLSF_DONTUSE is
set, fs_mask and the uuid will be set for the wrong return site.

Fix this by using entry->nr_server as the index into the arrays
being filled in rather than i.

This can lead to EDESTADDRREQ errors if none of the returned sites
have a valid fs_mask.

Fixes: d2ddc776a458 ("afs: Overhaul volume and server record caching and fileserver rotation")
Signed-off-by: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
Reviewed-by: Jeffrey Altman <jaltman@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
fs/afs/vlclient.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/fs/afs/vlclient.c b/fs/afs/vlclient.c
index c3b740813fc71..c7dd47eaff29d 100644
--- a/fs/afs/vlclient.c
+++ b/fs/afs/vlclient.c
@@ -60,23 +60,24 @@ static int afs_deliver_vl_get_entry_by_name_u(struct afs_call *call)
struct afs_uuid__xdr *xdr;
struct afs_uuid *uuid;
int j;
+ int n = entry->nr_servers;

tmp = ntohl(uvldb->serverFlags[i]);
if (tmp & AFS_VLSF_DONTUSE ||
(new_only && !(tmp & AFS_VLSF_NEWREPSITE)))
continue;
if (tmp & AFS_VLSF_RWVOL) {
- entry->fs_mask[i] |= AFS_VOL_VTM_RW;
+ entry->fs_mask[n] |= AFS_VOL_VTM_RW;
if (vlflags & AFS_VLF_BACKEXISTS)
- entry->fs_mask[i] |= AFS_VOL_VTM_BAK;
+ entry->fs_mask[n] |= AFS_VOL_VTM_BAK;
}
if (tmp & AFS_VLSF_ROVOL)
- entry->fs_mask[i] |= AFS_VOL_VTM_RO;
- if (!entry->fs_mask[i])
+ entry->fs_mask[n] |= AFS_VOL_VTM_RO;
+ if (!entry->fs_mask[n])
continue;

xdr = &uvldb->serverNumber[i];
- uuid = (struct afs_uuid *)&entry->fs_server[i];
+ uuid = (struct afs_uuid *)&entry->fs_server[n];
uuid->time_low = xdr->time_low;
uuid->time_mid = htons(ntohl(xdr->time_mid));
uuid->time_hi_and_version = htons(ntohl(xdr->time_hi_and_version));
--
2.20.1

Next message: Greg Kroah-Hartman: "[PATCH 4.19 05/93] fs: afs: Fix a possible null-pointer dereference in afs_put_read()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 39/93] mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 39/93] mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 05/93] fs: afs: Fix a possible null-pointer dereference in afs_put_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]